Earthwave, a managed security services provider, is pioneering a much faster way for large companies and service providers to create a security operations centre that meets a high standard for security.

It's called SOC-in-a-Box, a product Earthwave began offering after helping companies on a piecemeal basis build security operations centers, said Carlo Minassian, who founded the Sydney-based company 12 years ago and is its CEO.

Financial services, telecommunication operators and government agencies all need extensive monitoring of their networks as hackers seek to steal data and disrupt operations.

That monitoring requires installing a security information and event management (SIEM) product, which tries to pick out anomalies in network traffic. It also requires physically building a SOC, meeting a variety of industry and government standards as well as hiring the right people to run it.

Perhaps not surprisingly, many projects failed or ran way over budget, Minassian said. "We saw this consistently happening especially in the last four or five years. As the SIEM market is heating up, more and more people are buying it, and we are seeing more and more failed projects."

Three to five years, down to one

Earthwave decided to start offering a SOC as a complete package. Companies can typically spend three to five years building, certifying and staffing a SOC from scratch on their own, but Earthwave has cut that time down to a year, Minassian said. Clients can use whatever technology they want, with Earthwave making sure it works right, or even contract with Earthwave to run it.

Two SOCs run by Earthwave for its customers have bulletproof glass, wire meshing in concrete slabs and special cabinets for servers to prevent unauthorised access. Air conditioning ducts separate from those of the main building serve the SOC to prevent intruders from gaining access. Armed guards will respond to an incident in the centers in under 15 minutes.

On the software side, Earthwave uses ArcSight, now owned by HP, for security event monitoring. Earthwave's developers have built a customised portal that collates information from the various security products employed by its clients.

It also has developed its own intellectual property built around ArcSight in the form of 400 information "feeds" which detect certain defined security risks. One scenario a feed would detect is if a person is physically at work but is logging onto a sensitive company system from somewhere else, Minassian said.
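The kind of correlation that scenario implies can be sketched as follows. This is an added example, not Earthwave's feed or ArcSight rule logic; the badge and logon record layouts, the office network range and the system names are constructed assumptions.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample data; every name and value below is an assumption.
OFFICE_NETWORKS = [ip_network("10.20.0.0/16")]  # on-premises address space
SENSITIVE_SYSTEMS = {"payroll-db"}

BADGE_EVENTS = [  # (user, ISO timestamp, direction) from a door-access system
    ("alice", "2024-03-04T08:55:00", "in"),
    ("bob",   "2024-03-04T09:02:00", "in"),
    ("bob",   "2024-03-04T12:30:00", "out"),
    ("carol", "2024-03-04T09:10:00", "in"),
]
LOGIN_EVENTS = [  # (user, ISO timestamp, source IP, system)
    ("alice", "2024-03-04T10:15:00", "10.20.4.17",   "payroll-db"),  # on site, office IP
    ("alice", "2024-03-04T11:40:00", "203.0.113.50", "payroll-db"),  # on site, outside IP
    ("bob",   "2024-03-04T14:00:00", "198.51.100.9", "payroll-db"),  # already badged out
    ("carol", "2024-03-04T10:00:00", "203.0.113.77", "wiki"),        # not a sensitive system
]

def is_on_site(user, when, badge_events):
    """True if the user's most recent badge event at or before `when` is 'in'."""
    state = None
    for u, ts, direction in sorted(badge_events, key=lambda e: e[1]):
        if u == user and datetime.fromisoformat(ts) <= when:
            state = direction
    return state == "in"

def find_alerts(logins, badge_events):
    """Logons to sensitive systems from outside the office by badged-in users."""
    alerts = []
    for user, ts, src, system in logins:
        when = datetime.fromisoformat(ts)
        remote = not any(ip_address(src) in net for net in OFFICE_NETWORKS)
        if system in SENSITIVE_SYSTEMS and remote and is_on_site(user, when, badge_events):
            alerts.append((user, ts, src, system))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(LOGIN_EVENTS, BADGE_EVENTS):
        print("ALERT: badged-in user logged on from outside the office:", alert)
```

Only the second logon is flagged: the account is used from an outside address while its owner is badged into the building.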

More than a dozen acquisition offers

Minassian also spearheaded the Threat Intelligence Alliance, a program started five years ago that collects information on Internet threats from other vendors, such as URL blacklists and botnet command-and-control servers. That intelligence is incorporated into its network monitoring systems.

About half of Earthwave's clients are Australian government agencies, with the others in areas such as financial services and telecommunications. For example, Earthwave is responsible for network monitoring for about 95 percent of the critical infrastructure used for delivering clean water and energy in the state of New South Wales, Minassian said.

So far Earthwave's managed services are focused solely on Australia due to data-handling requirements dictated by the security specifications it builds to, Minassian said. But the company has done consulting for other large companies outside of Australia.

Earthwave's business has come into its own of late, but its early days were hard: Minassian, an ethnic Armenian who immigrated to Australia from Iran in 1985, said he worked for free for years as it struggled to stay in business. That has now changed: he said that last year he rebuffed more than a dozen acquisition offers from defense companies, venture capital firms and other vendors.